We write to implore the World Wide Web Consortium and its member
organizations to reject the Encrypted Media Extensions (EME) proposal. As prominent organizations defending Internet and computing freedom, we join the more than fifteen-thousand Web users who have already signed Defective by Design's petition against EME. This disastrous proposal would change HTML, the underlying language of the Web, to make it accommodate and encourage Digital Restrictions Management (DRM). EME is sponsored by a handful of powerful companies who are W3C members, like Microsoft and Netflix. These companies have been promoting DRM both for their own reasons and as part of their close relationships to major media companies. DRM restricts the public's freedom, even beyond what overzealous copyright law requires, to the perceived benefit of this privileged, powerful few.

The W3C's work is crucial to the continued integrity and
interoperability of the global network. We recognize the need for the
W3C to respond to the changing landscape of the Web and to reconcile
the interests of multiple parties. But ratifying EME would be an
abdication of responsibility; it would harm interoperability, enshrine
nonfree software in W3C standards and perpetuate oppressive business
models. It would fly in the face of the principles that the W3C cites
as key to its mission and it would cause an array of serious problems
for the billions of people who use the Web.

First, in the process of rendering media, every required browser
plug-in is a metaphorical gate where restrictions can be enforced.
Since DRM requires denying users their right to modify the plug-ins
and other relevant programs, it is by nature incompatible with free
"as in freedom" software. Because of this, browser plug-ins designed
to play media under the EME specification would all be proprietary,
and widespread adoption of this plug-in system would pressure more and
more Web users to sacrifice their computing freedom in order to view
media. Enshrining nonfree software in HTML itself would comparatively
diminish the values of freedom, self-actualization and
decentralization so critical to the Web as we know it.

Second, EME is inconsistent with W3C's stated principles. It would
damage the Web's interoperability by spurring a new proliferation of
the plug-ins for playing DRM-encumbered media. Since each plug-in
option could have unique hardware and software restrictions, this
would move the Web away from universal compatibility and toward a more
fractured state. Therefore, adopting EME would run counter to "global
interoperability," an explicit commitment of the Open Stand standards guidelines to which W3C is a signatory.

The W3C's official vision statement also "recognizes that trust is a
social phenomenon, but technology design can foster trust and
confidence" and asserts that the W3C's mission includes "building
trust on a global scale." A specification designed to help companies
run secret code on users' computers to restrict what they do on the
Web would severely undermine that trust. The only trust being built
here is between media companies calling for DRM and their powerful
allies promoting EME in the W3C.

Some have said that EME is not itself a DRM scheme, and so is
compatible with the principles underlying the Web. But this is a
willfully blind attempt to hide from the bad publicity around DRM. EME
has no purpose other than providing a hook in HTML on which to hang
digital restrictions. EME author Mark Watson has even stated that
"Certainly, our interest is in [use] cases that most people would call
DRM." Claiming that EME adds no DRM to the Web is like saying (in the
words of the Electronic Frontier Foundation's Peter Eckersley) "We're
not vampires, but we're going to invite them into your house."

Another misguided defense of the proposal is that DRM applied to
streaming media is just the same as renting videos at a store or
borrowing books from a library and is therefore ethically acceptable.
But this position ignores the historical context of DRM and the
direction in which media is heading. Applying such restrictions to
streaming media may seem less harmful now, when "ownership" of most
media is still possible by storing it on a personal hard drive. It is
quite possible, however, that this option will disappear as companies
create a system in which media is only available via streaming --
where they are able to control who views what when with which
software. In that situation, the role of DRM will be even more
critically important.

Even in the present day, and even if it is applied only during
streaming, DRM is not equivalent to restrictions involved when renting
physical copies, because it requires computers to permanently treat
their own users as hostile. Plug-in software may claim only to serve
the purpose of decrypting streaming media, but since it is
proprietary, users won't be able to see what that software is
actually doing. There have been many examples in the short history of DRM of such systems providing attack vectors or otherwise doing
much more than advertised, behind users' backs.

As the Web becomes an ever more vital medium for media, culture,
commerce and communication, the base of stakeholders in the W3C's
decisions is widening and diversifying. But ratifying EME would
represent the narrow interests of entrenched software firms with
strong ties to the entertainment industry. Though it is not in the
W3C's power to prevent these companies from implementing DRM on the
Web, endorsing EME would constitute an abdication of responsibility to
the core goals of the W3C and the Web-using public. We call on the W3C
to reject EME and any other provision for DRM in World Wide Web
standards.